Enormous State tables, lots of Ram… So.... Your 10,000 simultaneous "perfectly legal" downloads won't crash your router and cause it to flake out right in the middle of your favourite Netflix episode.

I'm no fan of CALEA, but as I understand it, even CALEA has threshholds for required emplementation.  Specifically number of users and type of service.  I think this guy is too far below the radar to get forced into CALEA requirements, however that depends on how many people is "large wifi network for a nine building apartment complex".  Technically speaking. https://freedom-to-tinker.com/blog/felten/calea-ii-risks-of-wiretap-modifications-to-endpoints/ Another problem I have with logging, especially copious logging is that if a logging system is compromised, now the privacy of everyone included in the logs has been compromised. CALEA compliant systems have been "hijacked" by criminals to invade the privacy of people and even to commit financial crimes.

HAHAHHAHAHAHAHAHAHAHAHAHA!!

Huh? http://doc.pfsense.org/index.php/Static_Routes

No Problem Glad I was able to help.

Ah yes I read that too quickly and thought you were trying to get access to the web interface of your Cisco box.  :-[ So you can access the cpanel login with the full link but not the shortcut? I would expect a shortened address like that to work only if the local dns knows about it. Steve

We are using a mixture of ethernet (as their PE router is on our premises) and ADSL where the PE router is at the exchange. The ADSL connection comes in 2 types: 1. Where they just need you to specify a loopback address that they then enter into the vrf. 2. Where they ask for a loopback address and a lan subnet that they enter into the vrf. Now, with number 2, I would imagine you could use any old router as the lan is specified by the providers. But with ethernet & number 2 above, it looks as though you have to use a mutual routing protocol eg BGP as that is the only way of getting the routes into the table.

You'll have to define 'full fledged proxy'. You have Squid available and Squidguard or Dansguardian if you want filtering options. Steve

Sorry for the late response, did you get this resolved? If not PM me and I will see if I can help.

Hello and welcome!! How you getting on installing pfsense? It's such an amazing open source firewall with so many possibilities.

From what little I've heard/read about it, it wasn't a backdoor per-se, but a Key that was trusted to run/install. So they still had to have a way to get the bits onto the PC, but once there, it would be trusted and wouldn't prompt as unsigned code. There really wasn't enough info out there to say much of anything for certain though, it could also be explained other ways besides actually belonging to the NSA.

For time and cost reasons it'd be prohibitive for me to get there in person, but I would be willing to present one of the sessions of the conference remotely via Gotomeeting or Skype or something along those lines if you can put something together. Not sure on tips for putting such an event together, as I just attend a bunch of conferences, I've never actually put one on myself. Getting the word out to other universities I would think would be relatively easy if you have some contacts at each university. Have one or more people at each pass the word around. If you think you could grow the project's presence in Ethiopia with a dedicated board, I would be willing to create one. In the last month, only 87 visits out of hundreds of thousands of total visits to forum.pfsense.org were from Ethiopia (per Google Analytics).

Running a few vlans general access NAS/SAN network guest wireless dmz test lab wan total nodes is less than 20 with a number of them being vm's. As the pfsense box is a VM I've only got vlans 1,3, and 6 going physical.

@craigduff: In your opinion are big corporates running pfsense? Or do you think companies are now swaying more towards an open source solution? When i have worked for big companies in the city they all seem to be running Cisco or Juniper etc… Iv been a pfsense fan now for 3 years now and love it! And would always implement pfsense when i can. For basic filtering and routing Pfsense does a great job ….. add in the fact it has many useful plug-ins its a Ideal Platform for home or small businesses with micro budgets. But if your top priority is security, corporations will use Cisco, Juniper ...etc. because you have more security options but they may use Pfsense as DMZ's etc.....behind them to save a few dollars. If security isn't there top priority I suppose some corporations may use them on the front line of defense to save some dollars. If your a true security expert and spend 8 hours a day 7 days a week managing a pfsense Firewall I suppose you could by using snort and the firewall filters maintaining a set of custom rules to defend the network. It would be a never ending process new rules every day being added. But this is why you subscribe to a professional security firm selling subscriptions which allow you accesses to there custom rules for just a few thousand dollars a year. One of the nice things about Pfsense is the fact you pick your own hardware ..... Old computer you just retired, or buy a new state of the art computer system.